Commits

Etienne Perot  committed 6ad4f17

Rename torsocks profiles according to their purpose rather than their port numbers

  • Participants
  • Parent commits 87177a4

Comments (0)

Files changed (21)

File modules/base/files/networking/tor/torrc

 
 # - SOCKS ports with varying levels of isolation
 # ---- Low isolation: 9050 - 9054
-# -------- Low isolation port 1: 9050
+# -------- Low isolation port 1 (9050): Misc usage
 SocksPort 127.0.0.1:9050 IsolateClientAddr IsolateSOCKSAuth IsolateClientProtocol
-# -------- Low isolation port 2: 9051
+# -------- Low isolation port 2 (9051): Package management
 SocksPort 127.0.0.1:9051 IsolateClientAddr IsolateSOCKSAuth IsolateClientProtocol
-# -------- Low isolation port 3: 9052
+# -------- Low isolation port 3 (9052): GnuPG
 SocksPort 127.0.0.1:9052 IsolateClientAddr IsolateSOCKSAuth IsolateClientProtocol
-# -------- Low isolation port 4: 9053
+# -------- Low isolation port 4 (9053): Bitcoin
 SocksPort 127.0.0.1:9053 IsolateClientAddr IsolateSOCKSAuth IsolateClientProtocol
-# -------- Low isolation port 5: 9054
+# -------- Low isolation port 5 (9054): Litecoin
 SocksPort 127.0.0.1:9054 IsolateClientAddr IsolateSOCKSAuth IsolateClientProtocol
 
 # ---- Port-based isolation: 9055 - 9056
-# -------- Port-based isolation port 1: 9055
+# -------- Port-based isolation port 1 (9055): Tunnels
 SocksPort 127.0.0.1:9055 IsolateClientAddr IsolateSOCKSAuth IsolateClientProtocol IsolateDestPort
-# -------- Port-based isolation port 2: 9056
-SocksPort 127.0.0.1:9056 IsolateClientAddr IsolateSOCKSAuth IsolateClientProtocol IsolateDestPort
+# -------- Port-based isolation port 2 (9056): (Reserved)
+#SocksPort 127.0.0.1:9056 IsolateClientAddr IsolateSOCKSAuth IsolateClientProtocol IsolateDestPort
 
-# ---- Complete isolation: 9057
+# ---- Complete isolation: 9057 - 9059
+# -------- Complete isolation (9057): SSH
 SocksPort 127.0.0.1:9057 IsolateClientAddr IsolateSOCKSAuth IsolateClientProtocol IsolateDestAddr IsolateDestPort
+# -------- Complete isolation (9058): Hidden services
+SocksPort 127.0.0.1:9058 IsolateClientAddr IsolateSOCKSAuth IsolateClientProtocol IsolateDestAddr IsolateDestPort
+# -------- Complete isolation (9059): (Reserved)
+#SocksPort 127.0.0.1:9059 IsolateClientAddr IsolateSOCKSAuth IsolateClientProtocol IsolateDestAddr IsolateDestPort
 
-# - TransPort: 9058
-TransPort 127.0.0.1:9058
+# - TransPort: 9060
+TransPort 127.0.0.1:9060

File modules/base/files/networking/tor/torsocks.d/9050.conf

-local = 127.0.0.0/255.128.0.0
-local = 127.128.0.0/255.192.0.0
-local = 169.254.0.0/255.255.0.0
-local = 172.16.0.0/255.240.0.0
-local = 192.168.0.0/255.255.0.0
-local = 10.0.0.0/255.0.0.0
-
-server = 127.0.0.1
-server_type = 4a
-server_port = 9050

File modules/base/files/networking/tor/torsocks.d/9051.conf

-local = 127.0.0.0/255.128.0.0
-local = 127.128.0.0/255.192.0.0
-local = 169.254.0.0/255.255.0.0
-local = 172.16.0.0/255.240.0.0
-local = 192.168.0.0/255.255.0.0
-local = 10.0.0.0/255.0.0.0
-
-server = 127.0.0.1
-server_type = 4a
-server_port = 9051

File modules/base/files/networking/tor/torsocks.d/9052.conf

-local = 127.0.0.0/255.128.0.0
-local = 127.128.0.0/255.192.0.0
-local = 169.254.0.0/255.255.0.0
-local = 172.16.0.0/255.240.0.0
-local = 192.168.0.0/255.255.0.0
-local = 10.0.0.0/255.0.0.0
-
-server = 127.0.0.1
-server_type = 4a
-server_port = 9052

File modules/base/files/networking/tor/torsocks.d/9053.conf

-local = 127.0.0.0/255.128.0.0
-local = 127.128.0.0/255.192.0.0
-local = 169.254.0.0/255.255.0.0
-local = 172.16.0.0/255.240.0.0
-local = 192.168.0.0/255.255.0.0
-local = 10.0.0.0/255.0.0.0
-
-server = 127.0.0.1
-server_type = 4a
-server_port = 9053

File modules/base/files/networking/tor/torsocks.d/9054.conf

-local = 127.0.0.0/255.128.0.0
-local = 127.128.0.0/255.192.0.0
-local = 169.254.0.0/255.255.0.0
-local = 172.16.0.0/255.240.0.0
-local = 192.168.0.0/255.255.0.0
-local = 10.0.0.0/255.0.0.0
-
-server = 127.0.0.1
-server_type = 4a
-server_port = 9054

File modules/base/files/networking/tor/torsocks.d/9055.conf

-local = 127.0.0.0/255.128.0.0
-local = 127.128.0.0/255.192.0.0
-local = 169.254.0.0/255.255.0.0
-local = 172.16.0.0/255.240.0.0
-local = 192.168.0.0/255.255.0.0
-local = 10.0.0.0/255.0.0.0
-
-server = 127.0.0.1
-server_type = 4a
-server_port = 9055

File modules/base/files/networking/tor/torsocks.d/9056.conf

-local = 127.0.0.0/255.128.0.0
-local = 127.128.0.0/255.192.0.0
-local = 169.254.0.0/255.255.0.0
-local = 172.16.0.0/255.240.0.0
-local = 192.168.0.0/255.255.0.0
-local = 10.0.0.0/255.0.0.0
-
-server = 127.0.0.1
-server_type = 4a
-server_port = 9056

File modules/base/files/networking/tor/torsocks.d/9057.conf

-local = 127.0.0.0/255.128.0.0
-local = 127.128.0.0/255.192.0.0
-local = 169.254.0.0/255.255.0.0
-local = 172.16.0.0/255.240.0.0
-local = 192.168.0.0/255.255.0.0
-local = 10.0.0.0/255.0.0.0
-
-server = 127.0.0.1
-server_type = 4a
-server_port = 9057

File modules/base/files/networking/tor/torsocks.d/bitcoin.conf

+local = 127.0.0.0/255.128.0.0
+local = 127.128.0.0/255.192.0.0
+local = 169.254.0.0/255.255.0.0
+local = 172.16.0.0/255.240.0.0
+local = 192.168.0.0/255.255.0.0
+local = 10.0.0.0/255.0.0.0
+
+server = 127.0.0.1
+server_type = 4a
+server_port = 9053

File modules/base/files/networking/tor/torsocks.d/gnupg.conf

+local = 127.0.0.0/255.128.0.0
+local = 127.128.0.0/255.192.0.0
+local = 169.254.0.0/255.255.0.0
+local = 172.16.0.0/255.240.0.0
+local = 192.168.0.0/255.255.0.0
+local = 10.0.0.0/255.0.0.0
+
+server = 127.0.0.1
+server_type = 4a
+server_port = 9052

File modules/base/files/networking/tor/torsocks.d/hiddenservices.conf

+local = 127.0.0.0/255.128.0.0
+local = 127.128.0.0/255.192.0.0
+local = 169.254.0.0/255.255.0.0
+local = 172.16.0.0/255.240.0.0
+local = 192.168.0.0/255.255.0.0
+local = 10.0.0.0/255.0.0.0
+
+server = 127.0.0.1
+server_type = 4a
+server_port = 9058

File modules/base/files/networking/tor/torsocks.d/litecoin.conf

+local = 127.0.0.0/255.128.0.0
+local = 127.128.0.0/255.192.0.0
+local = 169.254.0.0/255.255.0.0
+local = 172.16.0.0/255.240.0.0
+local = 192.168.0.0/255.255.0.0
+local = 10.0.0.0/255.0.0.0
+
+server = 127.0.0.1
+server_type = 4a
+server_port = 9054

File modules/base/files/networking/tor/torsocks.d/misc.conf

+local = 127.0.0.0/255.128.0.0
+local = 127.128.0.0/255.192.0.0
+local = 169.254.0.0/255.255.0.0
+local = 172.16.0.0/255.240.0.0
+local = 192.168.0.0/255.255.0.0
+local = 10.0.0.0/255.0.0.0
+
+server = 127.0.0.1
+server_type = 4a
+server_port = 9050

File modules/base/files/networking/tor/torsocks.d/packagemanagement.conf

+local = 127.0.0.0/255.128.0.0
+local = 127.128.0.0/255.192.0.0
+local = 169.254.0.0/255.255.0.0
+local = 172.16.0.0/255.240.0.0
+local = 192.168.0.0/255.255.0.0
+local = 10.0.0.0/255.0.0.0
+
+server = 127.0.0.1
+server_type = 4a
+server_port = 9051

File modules/base/files/networking/tor/torsocks.d/ssh.conf

+local = 127.0.0.0/255.128.0.0
+local = 127.128.0.0/255.192.0.0
+local = 169.254.0.0/255.255.0.0
+local = 172.16.0.0/255.240.0.0
+local = 192.168.0.0/255.255.0.0
+local = 10.0.0.0/255.0.0.0
+
+server = 127.0.0.1
+server_type = 4a
+server_port = 9057

File modules/base/files/networking/tor/torsocks.d/tunnels.conf

+local = 127.0.0.0/255.128.0.0
+local = 127.128.0.0/255.192.0.0
+local = 169.254.0.0/255.255.0.0
+local = 172.16.0.0/255.240.0.0
+local = 192.168.0.0/255.255.0.0
+local = 10.0.0.0/255.0.0.0
+
+server = 127.0.0.1
+server_type = 4a
+server_port = 9055

File modules/base/manifests/networking/tor.pp

 		mode => 0644,
 		source => 'puppet:///modules/base/networking/tor/torsocks.d',
 		recurse => true,
+		force => true,
+		purge => true,
 		require => Package['torsocks']
 	}
 }

File modules/base/manifests/packaging.pp

 		require => File['/etc/pacman.d/pupfiles-options.conf']
 	}
 	bin_wrapper::torify {'pacman':
-		torsocks_profile => '/etc/torsocks.d/9051.conf'
+		torsocks_profile => '/etc/torsocks.d/packagemanagement.conf'
 	}
 	bin_wrapper::torify {'pacman-key':
-		torsocks_profile => '/etc/torsocks.d/9051.conf'
+		torsocks_profile => '/etc/torsocks.d/packagemanagement.conf'
 	}
 	bin_wrapper::torify {'yaourt':
-		torsocks_profile => '/etc/torsocks.d/9051.conf'
+		torsocks_profile => '/etc/torsocks.d/packagemanagement.conf'
 	}
 }

File modules/console/manifests/gpg.pp

 		source => 'console/gpg',
 		require => File['/etc/ssl/certs/mayfirst-peoplelink.crt']
 	}
+	bin_wrapper::torify {'gpg':
+		torsocks_profile => '/etc/torsocks.d/gnupg.conf'
+	}
 
 	include private::console::gpg
 	# I do not want to reveal my list of GPG keys.

File modules/desktop/manifests/apps/kgpg.pp

 	kde_rc::merge {'kgpgrc':
 		source => 'desktop/apps/kgpg'
 	}
+	bin_wrapper::torify {'kgpg':
+		torsocks_profile => '/etc/torsocks.d/gnupg.conf'
+	}
 }